This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: sshd "PrintLastLog yes"

From: Igor Pechtchanski <pechtcha at cs dot nyu dot edu>
To: cygwin at cygwin dot com
Date: Mon, 8 Sep 2003 12:23:53 -0400 (EDT)
Subject: Re: sshd "PrintLastLog yes"
References: <99AE13FA0F1F824AA6D299741FE6C82F8EC6@dcp1.home.fermin.ch><5.1.0.14.0.20030907142823.0468a3d8@127.0.0.1> <20030908110159.A25263@ns1.iocc.com><20030908160746.GC7908@redhat.com>
Reply-to: cygwin at cygwin dot com

On Mon, 8 Sep 2003, Christopher Faylor wrote:

> On Mon, Sep 08, 2003 at 11:01:59AM -0500, Joshua Daniel Franklin wrote:
> >On Sun, Sep 07, 2003 at 02:30:47PM -0400, Larry Hall wrote:
> >> At 05:30 AM 9/7/2003, Fermin Sanchez you wrote:
> >> >I did a chmod 664 on /var/log/lastlog, now it works. Thank you again!
> >> >One good side effect: I'm going to put all this information into a "how
> >> >to install and run cygwin and sshd on a Windows Server 2003 Domain
> >> >Controller" ;-)
> >>
> >> It would be great to see this as an addition to the Cygwin docs and/or
> >> automated by the post-install script too.  Just a thought.
> >
> >Personally I think this is a candidate for a specific package README,
> >though maybe some language could be added to "Security" section of the
> >User's Guide.
>
> I'm not sure I understand the argument against automatically setting the
> permissions on /var/log/lastlog to something which would allow a
> properly privileged account to access the file.  It seems like this
> is a good post-install candidate to me.
>
> cgf

The argument is that you don't always know what the properly privileged
account *is*.  You can't assume that it's "system" (not on Win2003, at
least).  I don't disagree that on new installs this should be set to
something sensible, but we should leave power users the ability to
manipulate their filesystem in the way they want to without having to
worry about postinstall scripts changing that setup.  That's why I
suggested adding this into "ssh-host-config" (which will presumably be run
by new users to set up sshd) instead.  Another advantage of
"ssh-host-config" is that it's interactive (whereas postinstall scripts
aren't, or shouldn't be).
	Igor
-- 
				http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_		pechtcha@cs.nyu.edu
ZZZzz /,`.-'`'    -.  ;-;;,_		igor@watson.ibm.com
     |,4-  ) )-,_. ,\ (  `'-'		Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL	a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"I have since come to realize that being between your mentor and his route
to the bathroom is a major career booster."  -- Patrick Naughton

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Follow-Ups:
- Re: sshd "PrintLastLog yes"
  - From: Corinna Vinschen

References:
- RE: sshd "PrintLastLog yes"
  - From: Fermin Sanchez
- RE: sshd "PrintLastLog yes"
  - From: Larry Hall
- Re: sshd "PrintLastLog yes"
  - From: Joshua Daniel Franklin
- Re: sshd "PrintLastLog yes"
  - From: Christopher Faylor

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]